HTTPS Certificate is not properly selected on virtual hosts with some browsers

Reproducible cases

Visit an SSL/TLS-enabled website hosted on a virtual host, using any application that uses SSL/TLS but does not support SNI (Server Name Indication). The virtual host certificate does not include the default server host name.

Here is a short list of platforms and clients that do not support SNI:

  • Internet Explorer on Windows XP/2003
  • Internet Explorer 7 on Windows Vista and higher.
  • Android default browser on 2.x
  • Safari on Windows XP
  • BlackBerry Browser
  • Windows Mobile up to 6.5
  • wget before 1.14
  • Java before 1.7
  • Any application that relies on the aforementioned browsers and/or engines.

Description of the problem

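When accessing a web page with one of the browsers or applications listed above, an SSL error may be triggered. It warns that the certificate does not match the server name, displaying the default host name instead of the virtual host name. Without SNI, the client does not send the requested host name during the TLS handshake, so the server cannot select the certificate by virtual host.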

Solutions

Include the server default host name in a SubjectAltName field when creating the virtual host certificate signing request (CSR).
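
One way to build such a request with OpenSSL, as an added example that is not part of the original page. The function names `make_vhost_csr` and `csr_has_san` are hypothetical, and the host names in the usage comment are constructed placeholders.

```shell
# make_vhost_csr VHOST DEFAULT_HOST OUTDIR
# Writes OUTDIR/VHOST.key and OUTDIR/VHOST.csr. The CSR requests a
# SubjectAltName listing both the virtual host and the default host name.
# The body runs in a subshell so umask and variables do not leak out.
make_vhost_csr() (
    vhost="$1"; default_host="$2"; outdir="$3"
    cnf="$outdir/$vhost.cnf"
    umask 077    # private key readable by its owner only

    cat > "$cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $vhost

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $vhost
DNS.2 = $default_host
EOF

    openssl req -new -newkey rsa:2048 -nodes \
        -config "$cnf" \
        -keyout "$outdir/$vhost.key" \
        -out "$outdir/$vhost.csr"
)

# csr_has_san CSR NAME
# Succeeds only if NAME appears as an exact DNS entry in the CSR's
# requested SubjectAltName extension.
csr_has_san() {
    openssl req -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
        | grep -Fxq "DNS:$2"
}

# Usage (constructed names):
#   make_vhost_csr www.example.org server.example.net /tmp/csr
#   csr_has_san /tmp/csr/www.example.org.csr server.example.net && echo ok
```

A CA may ignore extensions requested in a CSR, so check the issued certificate for both names before deploying it.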

kb/1.txt · Last modified: 2013/04/05 15:36 by root
